News Centre

Microsoft Patches That Need Your Attention!

Article by diogo@techpatrol.com.au
May 16, 2018

SHARE THIS POST:

Microsoft-Tech-Patrol

Today Microsoft release security patches for a total of 67 vulnerabilities, including two zero-days that have actively been exploited in the wold by cybercrimials, including two publicly disclosed bugs. These patch updates address security flaws in Microsoft Windows, Outlook, .NET Framework, Microsoft Hyper-V, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office, ChakraCore, Azure IoT SDK, and more.

 

The 2 Zero-Days

1 ) Double Kill IE 0-day Vulnerability

Vulnerability 1 (CVE-2018-817) is an active attacking critical remote code executed vulnerability that was revealed by the Chinese security firm Qihoo 360 last month and at the time had all supported versions of Windows operating systems.

The vulnerability which has been dubbed “Double Kill” by researchers, is a use-after-free issue which resides in the way the VBScript Engine handles objects in the computer memory, it requires prompt attention as it could allow an attacker to remotely take control over an affected system be executing malicious code remotely through malicious office documentation, or the the compensation of websites.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine,” Microsoft explains in its advisory. 

“The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.” – Says Qihoo.

The users with administrative rights on their systems are impacted servery more than the users with limited rights.

2 ) Win32k Elevation of Privilege Vulnerability.

Vulnerability 2 (CVE-2018-8120) which has been patched this month, is a privilege-escalation flaw that occurred in the WIN32k component of Windows when it fails to properly handle objects in computer memory. This has been rated as “Important”, and affects Windows Servers 2008, Windows 7, Windows Server 2008 R2. WIN32k has been reported to have had active threat actors, however, Microsoft has not provided any details about these in-the-wild exploits.

 

Affected Products + Security update Links

Product
Platform
Article
Download
Impact
Severity
Supersedence
Windows Server, version 1803 (Server Core Installation) 4103721Security Update   
Windows Server, version 1709 (Server Core Installation) 4103727Security Update  4093112
Windows Server 2016 (Server Core installation) 4103723Security Update  4093119
Windows Server 2016 4103723Security Update  4093119
Windows Server 2012 R2 (Server Core installation) 4103725Monthly Rollup  4093114
4103715Security Only
Windows Server 2012 R2 4103725Monthly Rollup  4093114
4103715Security Only
Windows Server 2012 (Server Core installation) 4103730Monthly Rollup  4093123
4103726Security Only
Windows Server 2012 4103730Monthly Rollup  4093123
4103726Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4103718Monthly Rollup  4093118
4103712Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4103718Monthly Rollup  4093118
4103712Security Only
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4103718Monthly Rollup  4093118
4103712Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4134651Security Update  4018556
Windows Server 2008 for x64-based Systems Service Pack 2 4134651Security Update  4018556
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4134651Security Update  4018556
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4134651Security Update  4018556
Windows Server 2008 for 32-bit Systems Service Pack 2 4134651Security Update  4018556
Windows RT 8.1 4103725Monthly Rollup   4093114
Windows 8.1 for x64-based systems 4103725Monthly Rollup  4093114
4103715Security Only
Windows 8.1 for 32-bit systems 4103725Monthly Rollup  4093114
4103715Security Only
Windows 7 for x64-based Systems Service Pack 1 4103718Monthly Rollup  4093118
4103712Security Only
Windows 7 for 32-bit Systems Service Pack 1 4103718Monthly Rollup  4093118
4103712Security Only
Windows 10 Version 1803 for x64-based Systems 4103721Security Update   
Windows 10 Version 1803 for 32-bit Systems 4103721Security Update   
Windows 10 Version 1709 for 64-based Systems 4103727Security Update  4093112
Windows 10 Version 1709 for 32-bit Systems 4103727Security Update  4093112
Windows 10 Version 1703 for x64-based Systems 4103731Security Update  4093107
Windows 10 Version 1703 for 32-bit Systems 4103731Security Update  4093107
Windows 10 Version 1607 for x64-based Systems 4103723Security Update  4093119
Windows 10 Version 1607 for 32-bit Systems 4103723Security Update  4093119
Windows 10 for x64-based Systems 4103716Security Update  4093111
Windows 10 for 32-bit Systems 4103716Security Update  4093111

 

Share your thoughts in the Comments section:

Subscribe For The Latest In Technology

Other Posts You May Like

TECH NEWS & UPDATES

Please enter your name.
Please enter a valid email address.
Something went wrong. Please check your entries and try again.

RECENT POSTS

Smooth Migration to the Cloud

How To Ensure a Smooth Migration to the Cloud

Hot topics: Digital Transformation

The Hot Topics Of Digital Transformation And Applications of 2020

Microsoft Teams Phone System - Technology Success

Microsoft Disrupts The Comms Market By Introducing Microsoft 365 Business Voice

Microsoft Teams and Microsoft Outlook

Microsoft Teams Is Getting Outlook Integration, Tasks Support, and More

White Paper

Enjoy this free eBook

Tech Patrol - Microsoft Office 365

White Paper (Why businesses Are Migrating to Cloud)

  • This field is for validation purposes and should be left unchanged.
microsoft-patches-that-need-your-attention-tech-success
Scroll to Top